Replies: 1 comment
-
I just changed “/usr/local/lib/python3.9/dist-packages/gunicorn/workers/sync.py” and used “SSLContext.wrap_socket()” instead of “wrap_socket()” and set the context options to disable renegotiation. See the following source file, and now the edited file. After that I restarted gunicorn and renegotiation has been disabled!!! If anyone wants to implement this SSLcontext feature, it will be goooooooood ;-)
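The change the reply describes, reduced to the stdlib calls involved. This is an added example, not gunicorn's code and not the poster's edited file; the keyword names mirror the legacy `ssl.wrap_socket()` arguments, and `build_server_context`, `renegotiation_disabled` and `wrap_accepted` are hypothetical helper names.

```python
import ssl


def build_server_context(certfile=None, keyfile=None, ca_certs=None,
                         cert_reqs=ssl.CERT_NONE, ciphers=None):
    """Build a server-side SSLContext with renegotiation disabled.

    Keyword names follow the legacy ssl.wrap_socket() arguments so an
    existing options dict can be passed through as **opts.
    """
    if not hasattr(ssl, "OP_NO_RENEGOTIATION"):
        # The flag needs Python 3.7+ linked against OpenSSL 1.1.0h or later.
        raise RuntimeError("ssl.OP_NO_RENEGOTIATION is not available")

    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # TLS 1.2 and earlier: send no HelloRequest and ignore a
    # renegotiation ClientHello from the peer.
    ctx.options |= ssl.OP_NO_RENEGOTIATION
    ctx.verify_mode = cert_reqs
    if certfile:
        ctx.load_cert_chain(certfile=certfile, keyfile=keyfile)
    if ca_certs:
        ctx.load_verify_locations(cafile=ca_certs)
    if ciphers:
        ctx.set_ciphers(ciphers)
    return ctx


def renegotiation_disabled(ctx):
    """Return True when the context carries OP_NO_RENEGOTIATION."""
    return bool(ctx.options & ssl.OP_NO_RENEGOTIATION)


def wrap_accepted(ctx, client_sock):
    """Context-based replacement for ssl.wrap_socket(sock, server_side=True)."""
    return ctx.wrap_socket(client_sock, server_side=True)


if __name__ == "__main__":
    # No certificate is loaded here; a real server passes certfile/keyfile.
    context = build_server_context()
    print("renegotiation disabled:", renegotiation_disabled(context))
```

The context can be built once at start-up and reused for every accepted connection, since the option lives on the context rather than on each socket.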
-
Hello guys!
I'm using gunicorn 20.1.0 with a web2py application, and I would like to use a feature in the stdlib ssl module to prevent renegotiation in the SSL handshake, but gunicorn doesn't have this argument on the binary. Does anyone know how I can do this?
stdlib ssl
https://docs.python.org/3/library/ssl.html
ssl.OP_NO_RENEGOTIATION
Disable all renegotiation in TLSv1.2 and earlier. Do not send HelloRequest messages, and ignore renegotiation requests via ClientHello.
I used the command line "openssl s_client -connect xxx.xxx.xxx.xxx:8000" and after the handshake finished, I just sent the "R" key and hit enter, to see the flaw happen.